VirtualBox

Ticket #7441 (new enhancement)

Opened 4 years ago

Last modified 4 years ago

Expose "--vrdpaddress 127.0.0.1" in the GUI

Reported by: mh Owned by:
Priority: minor Component: RDP
Version: VirtualBox 3.2.8 Keywords:
Cc: Guest type: other
Host type: other

Description

RDP is not just for remote access but also for local, headless machines. So it would be great to add a very simple "restrict to local host" checkbox in the Remote Display configuration tab. This checkbox would just configure "--vrdpaddress" to "127.0.0.1", for obvious security benefits.

I realize this feature is already available on the command line but having it exposed in the GUI would make a lot more of people using it, making VirtualBox a generally more secure product.

A more advanced (and maybe overkill) variant of this feature would let the user bind not just to its loopback interface but to any of its network interfaces.

Change History

comment:1 follow-up: ↓ 2 Changed 4 years ago by frank

I understand this feature request but the user who enables a remote desktop protocol should be aware that he opens a potential security hole and he should therefore take the required actions to block access from non-authorized users. He has several capabilities to do so: Adjust the local firewall rules, adjust the VM RDP auth type (--vrdpauthtype), adjust the IP at which the RDP server listens.

We could add a field VRDP address to the VM GUI settings but we normally don't expose every VM setting to the GUI, only the important ones. Having a simple checkbox (restrict to locahost) is not possible because that wouldn't catch more sophisticated settings done with VBoxManage.

comment:2 in reply to: ↑ 1 Changed 4 years ago by mh

Frank, thanks for considering this request.

Replying to frank:

He has several capabilities to do so: Adjust the local firewall rules,...

Firewalls are an order of magnitude more complicated than binding. Complexity is bad for security since it is error-prone. Experience shows that most people do not understand firewalling, even many IT people. Thus this request.

We could add a field VRDP address to the VM GUI settings but we normally don't expose every VM setting to the GUI, only the important ones.

Understood.

Having a simple checkbox (restrict to locahost) is not possible because that wouldn't catch more sophisticated settings done with VBoxManage.

Is this essentially about how to display in the GUI values that cannot be set in the GUI?

Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use